EP2520064B1 - Distributed authentication with data clouds - Google Patents
- Publication number
- EP2520064B1 (application EP10840637.2A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- user
- data
- authentication
- data cloud
- cloud
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Definitions
- the exemplary embodiments of this invention relate generally to user data storage and retrieval methods, apparatus and computer programs and, more specifically, relate to user authentication methods, apparatus and computer programs when accessing stored data.
- OAuth (http://oauth.net)
- OAuth creates a freely-implementable and generic methodology for API authentication.
- the RDF data model (www.w3.org/RDF) is based upon making statements about resources (in particular Web resources) in the form of subject-predicate-object expressions, referred to as "triples".
- the subject denotes the resource
- the predicate denotes traits or aspects of the resource and expresses a relationship between the subject and the object.
- a "cloud" may be considered to refer to a collection of resources (e.g., hardware resources and/or software resources) that are provided and maintained, relative to a particular user, by one or more third parties.
- the collection of resources is accessible by the particular user over a data communications network.
- the data communications network can be a wireline network and/or a wireless network, and may embody the Internet and/or a local area network (LAN).
- the resources can provide services to the user, such as data storage services, word processing services, and other types of services and/or applications that are conventionally associated with personal computers and/or local servers.
- when the cloud provides distributed data storage for a user it may be referred to as a "data cloud".
- a problem that arises in such a scenario is how to best provide security and privacy for a particular user's data in the data cloud so as to, for example, prevent unauthorized access to the user's data.
- FRANKS J ET AL "HTTP Authentication: Basic and Digest Access Authentication", REQUEST FOR COMMENTS: 2617, CATEGORY: STANDARDS TRACK, [Online] 1 J1-24, XP008157367, discloses a digest access authentication scheme for avoiding security flaws of Basic authentication.
- the digest scheme is based on a simple challenge-response paradigm.
- the Digest scheme challenges using a nonce value.
- a valid response contains a checksum (by default, the MD5 checksum) of the username, the password, the given nonce value, the HTTP method, and the requested URI. In this way, the password is never sent in the clear.
- XINWEN ZHANG ET AL "Securing elastic applications on mobile devices for cloud computing", CCSW'09 PROCEEDINGS OF THE 2009 ACM WORKSHOP ON CLOUD COMPUTING SECURITY, November 2009 (2009-11-13), pages 127-134, XP008157355, discloses a method for securing elastic applications on mobile devices for cloud computing.
- Web-lets can be authorized to access sensitive user data by using an elasticity service residing on the cloud.
- the web-lets can be authorized by using shared user credentials or OAuth-like authentication.
- US 2009/300364 A1 discloses username based authentication security.
- the password for an account is stored in a hashed form and salted before hashing.
- a username may be used as a basis for salt value in a challenge response authentication protocol.
- a method comprises, in response to a need to access for a user certain stored data that requires authentication, sending a request for the stored data into a data cloud, the request not identifying the user; receiving, from the data cloud, response information descriptive of an authentication realm and a single-use nonce; presenting the information descriptive of the authentication realm to the user and prompting the user for a user name and password; re-sending the request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password; and if the user credentials are valid, receiving from the data cloud the requested stored data.
- an apparatus comprises a processor and a memory including computer program code.
- the memory and computer program code are configured to, with the processor, cause the apparatus at least to perform, in response to a need to access for a user certain stored data that requires authentication, sending a request for the stored data into a data cloud, the request not identifying the user; receiving, from the data cloud, response information descriptive of an authentication realm and a single-use nonce; presenting the information descriptive of the authentication realm to the user and prompting the user for a user name and password; re-sending the request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password and, if the user credentials are valid, receiving from the data cloud the requested stored data.
- FIG. 1 is a simplified block diagram that illustrates a client 10 and a data cloud 20, as well as message flow between the client 10 and the data cloud 20 in accordance with the exemplary embodiments of this invention.
- the client 10 which may be or include, for example, a browser and/or user agent, includes or is hosted by at least one data processor 10A and at least one computer-readable medium such as a memory 10B.
- the memory 10B is assumed to include a program (PROG) 10C containing computer software instructions that when executed cause the client 10 to operate in accordance with the exemplary embodiments of this invention.
- a wired and/or wireless data communications network 12 bi-directionally connects the client 10 to the data cloud 20, and more specifically to at least one server 22 that may also be assumed to include at least one data processor (DP) 22A and at least one computer-readable medium such as a memory 22B.
- the memory 22B is assumed to include a program (PROG) 22C containing computer software instructions that when executed cause the server 22 to operate in accordance with the exemplary embodiments of this invention.
- the data cloud 20 also includes a plurality of data storage devices or systems or stores 24 (24A, 24B, ..., 24n) storing key-value pairs (credentials) and other data.
- the stores 24 may be based on any suitable type of data storage technology including, but not limited to, fixed and removable storage medium, rotating disks using magnetic or optical data storage read and write capability, as well as semiconductor memory.
- the client 10 can be embodied in, as exemplary and non-limiting embodiments, a PC, a workstation, a mobile device such as a laptop or notebook computer, or a wireless communication device such as a cellular phone, personal digital assistant, an Internet appliance, or any suitable type of user device that enables connectivity to the Internet and/or the data cloud 20.
- the data stores 24 may be based on any suitable type of data storage technology including, but not limited to, fixed and removable storage medium, rotating disks using magnetic or optical data storage read and write capability as well as semiconductor memory.
- the data in the data cloud 20 is available for authorized services and applications, and the data cloud 20 controls access to data, e.g., to the credentials.
- the stored data is assumed to be distributed geographically and to be accessible from anywhere.
- the data cloud 20 can be open in the Internet.
- a typical login scenario includes the following steps.
- the client 10 requests a page (of data) from the server 22 that requires authentication, but does not provide a user name and password.
- the server 22 responds with a (HTTP) response code (e.g., a "401" response code), providing an authentication realm and a randomly-generated, single-use value referred to as a nonce.
- the client 10 presents the authentication realm (typically a computer or system being accessed) to a user and prompts the user for a user name and password. Once a user name and password have been supplied, the client 10 re-sends the same request, but adds an authentication header that includes the response code with the user name and (typically) a hashed password.
- the server 22 checks the credentials and returns the page requested. If the user name is invalid and/or the password is incorrect, the server returns an error response (e.g. "401").
- the user credentials (e.g., the user name and hashed password) are stored in the data cloud 20.
- Authorization to the credentials is based on, for example, one of an OAuth key and secret or on SSL/TLS.
- the data may be stored as a <key, value> pair, where the key is, for example, a combination of username and hashed password, and the value is, for example, information on how many times the data has been accessed during some interval of time (e.g., during the last minute).
- the data cloud 20 may restrict, for example, the number of times any application can access certain credentials.
- the user credentials may have the form: <"username" + hashed password, accountid>.
- the key contains the credentials as a unique item.
- the credentials may contain any information, such as the user's full name, account identification, mobile telephone number and so forth.
- the key defines the subject, and the value the object.
- a key may have an expiration time as provenance data, and may be salted.
- a salt comprises random bits that are used as one of the inputs to a key derivation function.
- the other input is typically a password or passphrase.
- the output of the key derivation function is stored as the encrypted version of the password.
- a salt can also be used as a part of a key in a cipher or other cryptographic algorithm.
- the key derivation function typically uses a cryptographic hash function.
- SSL is one scheme that uses salts. More preferably, reference can be made to RFC 2898, PKCS #5: Password-Based Cryptography Specification, Version 2.0, B. Kaliski, September 2000.
- the data stored in the data cloud 20 is visible to all applications, services and the like worldwide (if the user/service has proper access rights to the data).
- Client code can be shared by several applications, client components, services and the like. Client code can have a secure access to credentials stored in the data cloud 20. However, to extract information from the data cloud 20 the client 10 must be able to provide a key matching the keys stored in data cloud 20.
- an authentication program run at the client 10, part of the program 22C may display a login screen and prompt the user to enter credentials. After the user has entered the credentials the authentication program checks to determine if the credentials are valid by accessing data cloud with a proper key (e.g., the authentication program sends a Get ("user name" + hashed password)). This is shown in Figure 1 as the Operation 1. If the key is valid the server 22 returns, for example, an accountid associated with the user. This is shown in Figure 1 as the Operation 2. Assuming that the key is valid, a cookie (e.g., SSO token / UUID) is created by the client 10, e.g., by a client application or service. This is shown in Figure 1 as the Operation 3. The SSO token is then stored into the data cloud 20 using, for example, a Put(SSO token) message, shown as Operation 4 in Figure 1 .
- the cookie (containing the SSO token) that is created has a limited lifetime, and may be available only for one browsing session.
- if the user, after having received the SSO token, accesses a service that is a member of the same authentication configuration, and if the browsing session has not been terminated or expired, then the user is automatically authenticated and is not challenged for user name and password.
- authentication and token management are totally distributed to applications, clients and trusted services.
- a HA is only dependent on network capability and data cloud 20 caching.
- the credential keys can be cached and distributed into, for example, the CDN.
- tokens may have at least the same complexity as UUIDs.
- the probability that two or more tokens would have the same signature is small, and when combined with, for example, an application key the probability of a collision occurring is negligible.
- FIG. 2 is a logic flow diagram that illustrates the operation of a method, and a result of execution of computer program instructions, in accordance with the exemplary embodiments of this invention.
- a method performs, at Block 2A, a step performed in response to a need to access for a user certain stored data that requires authentication, sending a request for the stored data into a data cloud, the request not identifying the user.
- at Block 2B there is a step of receiving, from the data cloud, response information descriptive of an authentication realm and a single-use nonce.
- at Block 2C there is a step of presenting the information descriptive of the authentication realm to a user, and prompting the user for a user name and password.
- at Block 2D there is a step of re-sending the request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password.
- at Block 2E there is a step that is executed, if the user credentials are valid, of receiving from the data cloud the requested stored data.
- the various exemplary embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof.
- some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the invention is not limited thereto.
- While various aspects of the exemplary embodiments of this invention may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
- the integrated circuit, or circuits may comprise circuitry (as well as possibly firmware) for embodying at least one or more of a data processor or data processors, a digital signal processor or processors, baseband circuitry and radio frequency circuitry that are configurable so as to operate in accordance with the exemplary embodiments of this invention.
- connection means any connection or coupling, either direct or indirect, between two or more elements, and may encompass the presence of one or more intermediate elements between two elements that are “connected” or “coupled” together.
- the coupling or connection between the elements can be physical, logical, or a combination thereof.
- two elements may be considered to be “connected” or “coupled” together by the use of one or more wires, cables and/or printed electrical connections, as well as by the use of electromagnetic energy, such as electromagnetic energy having wavelengths in the radio frequency region, the microwave region and the optical (both visible and invisible) region, as several non-limiting and non-exhaustive examples.
- the various names used for the described parameters are not intended to be limiting in any respect, as these parameters may be identified by any suitable names.
- the various names assigned to different functions e.g., UUID, SSO, SSL, TLS, etc. are not intended to be limiting in any respect, as these various functions may be identified by any suitable names, and may also in some cases be replaced by different functions providing the same or similar functionality.
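The login scenario above (401 response with realm and single-use nonce, then the same request re-sent with an authentication header) follows the RFC 2617 digest scheme cited as prior art. The sketch below is an added example, not code from the patent: it computes the MD5 request-digest for `qop=auth` and shows a server that retires each nonce after one use. The class and function names, the in-memory user table and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    """Hex MD5 of a UTF-8 string (MD5 is the digest scheme's default checksum)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth; the password itself is never sent."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class DigestServer:
    """Hypothetical server side: issues challenges and checks responses."""

    def __init__(self, realm, users):
        self.realm = realm
        # Keep HA1 = MD5(user:realm:password) rather than the clear password.
        self._ha1 = {u: md5_hex(f"{u}:{realm}:{p}") for u, p in users.items()}
        self._unused_nonces = set()

    def challenge(self):
        """Contents of the 401 response: realm plus a fresh random nonce."""
        nonce = secrets.token_hex(16)
        self._unused_nonces.add(nonce)
        return {"status": 401, "realm": self.realm, "nonce": nonce, "qop": "auth"}

    def authorize(self, method, uri, header):
        """Return 200 for a valid response, 401 otherwise."""
        nonce = header.get("nonce", "")
        if nonce not in self._unused_nonces:
            return 401  # unknown or already used nonce: replay is refused
        self._unused_nonces.discard(nonce)  # single use
        known = self._ha1.get(header.get("username", ""))
        # Unknown users still go through the same computation.
        ha1 = known if known is not None else md5_hex("unknown-user")
        ha2 = md5_hex(f"{method}:{uri}")
        expected = md5_hex(
            f"{ha1}:{nonce}:{header.get('nc', '')}:{header.get('cnonce', '')}:auth:{ha2}"
        )
        supplied = str(header.get("response", ""))
        ok = hmac.compare_digest(expected.encode(), supplied.encode())
        return 200 if (ok and known is not None and header.get("uri") == uri) else 401


def client_authorization(challenge, username, password, method, uri):
    """Build the authentication header fields from the server's challenge."""
    nc, cnonce = "00000001", secrets.token_hex(8)
    response = digest_response(username, challenge["realm"], password,
                               method, uri, challenge["nonce"], nc, cnonce)
    return {"username": username, "realm": challenge["realm"],
            "nonce": challenge["nonce"], "uri": uri, "qop": "auth",
            "nc": nc, "cnonce": cnonce, "response": response}


if __name__ == "__main__":
    # Constructed sample account, for illustration only.
    server = DigestServer("data-cloud", {"alice": "s3cret"})
    header = client_authorization(server.challenge(), "alice", "s3cret", "GET", "/page")
    print("first attempt:", server.authorize("GET", "/page", header))
    print("replayed header:", server.authorize("GET", "/page", header))
```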
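Operations 1 to 4 of Figure 1 and the `<"username" + hashed password, accountid>` storage form, as an added example that is not code from the patent: an in-memory stand-in for the data cloud whose value side tracks accesses per interval, a credential key derived with PBKDF2 (RFC 2898), and an SSO token (UUID) stored with a limited lifetime. The salt construction, the iteration count, the `sso:` key prefix and all names are assumptions for illustration.

```python
import hashlib
import time
import uuid

PBKDF2_ROUNDS = 100_000  # assumed work factor; the patent does not give one


def credential_key(realm, username, password):
    """Key of the form "username" + hashed password.

    Assumption: the salt is derived from realm and user name so that every
    authorized client can recompute the same key without a lookup.
    """
    salt = hashlib.sha256(f"{realm}:{username}".encode("utf-8")).digest()
    hashed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"{username}+{hashed.hex()}"


class RateLimited(Exception):
    """Raised when a stored key is read too often within the interval."""


class DataCloud:
    """Hypothetical key-value store standing in for the data cloud 20."""

    def __init__(self, max_gets=3, window_s=60.0, clock=time.monotonic):
        self._items = {}
        self._max_gets = max_gets
        self._window = window_s
        self._clock = clock

    def put(self, key, value, ttl_s=None):
        """Store a value, optionally with an expiration time."""
        expires = None if ttl_s is None else self._clock() + ttl_s
        self._items[key] = {"value": value, "expires": expires, "hits": []}

    def get(self, key):
        """Return the value, or None for an unknown or expired key."""
        now = self._clock()
        item = self._items.get(key)
        if item is None:
            return None  # reads of keys that do not exist are not counted here
        if item["expires"] is not None and now >= item["expires"]:
            del self._items[key]
            return None
        # Keep only the accesses that fall inside the current interval.
        item["hits"] = [t for t in item["hits"] if now - t < self._window]
        if len(item["hits"]) >= self._max_gets:
            raise RateLimited(key)
        item["hits"].append(now)
        return item["value"]

    def access_count(self, key):
        """Accesses recorded for this key (how often it was read recently)."""
        item = self._items.get(key)
        return 0 if item is None else len(item["hits"])


def login(cloud, realm, username, password, session_ttl_s=900.0):
    """Operations 1-4: Get(key), receive accountid, create SSO token, Put(token)."""
    account_id = cloud.get(credential_key(realm, username, password))  # Operations 1, 2
    if account_id is None:
        return None  # no matching key stored: credentials are not valid
    token = str(uuid.uuid4())  # Operation 3
    cloud.put("sso:" + token, account_id, ttl_s=session_ttl_s)  # Operation 4
    return token


def sso_account(cloud, token):
    """Another service of the same configuration resolves the token."""
    return cloud.get("sso:" + token)


if __name__ == "__main__":
    # Constructed sample account, for illustration only.
    cloud = DataCloud()
    cloud.put(credential_key("data-cloud", "alice", "s3cret"), "acct-1001")
    token = login(cloud, "data-cloud", "alice", "s3cret")
    print("token resolves to:", sso_account(cloud, token))
```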
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Claims (12)
- A method comprising: sending (2A) a client request for stored data into a data cloud in response to a need for a user to access certain stored data that requires authentication, wherein the client request does not identify the user, and wherein the data cloud is a collection of resources maintained to provide geographically distributed data storage for the data; receiving (2B), from the data cloud, response information descriptive of an authentication realm, wherein the authentication realm corresponds to the geographically distributed data storage and wherein the response information comprises information identifying an authentication computer or authentication system in the data cloud that is to be accessed for authentication with the authentication realm; presenting (2C) the information descriptive of the authentication realm to the user and prompting the user for a user name and password; and re-sending (2D) the same client request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password, wherein the hashed password is formed using a function included in the response information, wherein the user credentials are stored in the data cloud as a key-value pair <key, value> that grants multiple authorized user applications access to the user credentials, wherein the key comprises a combination of user name and hashed password and the value comprises information describing how many times the data has been accessed during a certain time interval.
- The method of claim 1, wherein the user credentials are stored in the data cloud.
- The method of any preceding claim, wherein authorization to the user credentials is based on an open authorization key and a secret.
- The method of any of claims 1 to 2, wherein authorization to the user credentials is based on at least one of a secure socket layer or a transport layer security.
- The method of any preceding claim, wherein the user name in the user credentials is also hashed.
- The method of claim 1, wherein the user credentials are valid only if they match user credentials already stored in the data cloud.
- The method of any preceding claim, further comprising, in response to the user credentials being valid, creating a cookie and storing the cookie in the data cloud.
- The method of claim 7, wherein the cookie is available only for a single user browsing session.
- The method of claim 8, wherein the cookie consists of a single sign-on token.
- The method of any preceding claim, performed as a result of execution of computer program instructions stored on a computer-readable storage medium.
- An apparatus comprising: a processor; and a memory including computer program code, wherein the memory and the computer program code are configured to, with the processor, cause the apparatus at least to perform: sending (2A) a client request for stored data into a data cloud in response to a need for a user to access certain stored data that requires authentication, wherein the client request does not identify the user, and wherein the data cloud is a collection of resources maintained to provide geographically distributed data storage for the data; receiving (2B), from the data cloud, response information descriptive of an authentication realm, wherein the authentication realm corresponds to the geographically distributed data storage and wherein the response information comprises information identifying an authentication computer or authentication system in the data cloud that is to be accessed for authentication with the authentication realm; presenting (2C) the information descriptive of the authentication realm to the user, and prompting the user for a user name and password; and re-sending (2D) the same client request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password, wherein the hashed password is formed using a function included in the response information, wherein the user credentials are stored in the data cloud as a key-value pair <key, value> that grants multiple authorized user applications access to the user credentials, wherein the key comprises a combination of user name and hashed password and the value comprises information describing how many times the data has been accessed during a certain time interval.
- The apparatus of claim 11, comprising means for performing a method according to any of claims 2 to 10.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US29072909P | 2009-12-29 | 2009-12-29 | |
PCT/FI2010/051066 WO2011080389A1 (en) | 2009-12-29 | 2010-12-21 | Distributed authentication with data cloud |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2520064A1 (de) | 2012-11-07 |
EP2520064A4 (de) | 2016-11-16 |
EP2520064B1 (de) | 2018-10-17 |
Family
ID=44226197
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP10840637.2A Active EP2520064B1 (de) | 2009-12-29 | 2010-12-21 | Distributed authentication with data clouds |
Country Status (4)
Country | Link |
---|---|
US (1) | US9485246B2 (de) |
EP (1) | EP2520064B1 (de) |
CN (1) | CN102687482B (de) |
WO (1) | WO2011080389A1 (de) |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI475411B (zh) * | 2011-12-29 | 2015-03-01 | Chunghwa Telecom Co Ltd | Large data checking system and its method in cloud platform |
EP2800330A1 (de) * | 2013-04-29 | 2014-11-05 | Wanin International Co., Ltd. | Secret key management method for multiple network platform |
US9311500B2 (en) * | 2013-09-25 | 2016-04-12 | Amazon Technologies, Inc. | Data security using request-supplied keys |
US9397990B1 (en) | 2013-11-08 | 2016-07-19 | Google Inc. | Methods and systems of generating and using authentication credentials for decentralized authorization in the cloud |
KR101563562B1 (ko) | 2014-07-11 | 2015-10-27 | 숭실대학교산학협력단 | SSL/TLS authentication apparatus and method |
US9813400B2 (en) * | 2014-11-07 | 2017-11-07 | Probaris Technologies, Inc. | Computer-implemented systems and methods of device based, internet-centric, authentication |
US10904234B2 (en) | 2014-11-07 | 2021-01-26 | Privakey, Inc. | Systems and methods of device based customer authentication and authorization |
US9350556B1 (en) | 2015-04-20 | 2016-05-24 | Google Inc. | Security model for identification and authentication in encrypted communications using delegate certificate chain bound to third party key |
US10044718B2 (en) | 2015-05-27 | 2018-08-07 | Google Llc | Authorization in a distributed system using access control lists and groups |
US10171322B2 (en) * | 2016-01-11 | 2019-01-01 | International Business Machines Corporation | Dynamic and secure cloud to on-premise interaction and connection management |
EP3345370B1 (de) | 2016-01-29 | 2019-03-13 | Google LLC | Vorrichtungszugangswiderruf |
US10129231B2 (en) * | 2016-12-08 | 2018-11-13 | Oath Inc. | Computerized system and method for automatically sharing device pairing credentials across multiple devices |
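KR102032210B1 (ko) * | 2018-02-22 | 2019-10-15 | 주식회사 한컴위드 | User authentication processing apparatus enabling simple authentication through input of a personal identification number, and operating method thereof |
CN109688143B (zh) * | 2018-12-28 | 2021-01-22 | 西安电子科技大学 | Clustering data mining method for privacy protection in cloud environments |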
US11184345B2 (en) * | 2019-03-29 | 2021-11-23 | Vmware, Inc. | Workflow service back end integration |
US11265309B2 (en) * | 2019-03-29 | 2022-03-01 | Vmware, Inc. | Workflow service back end integration |
US11265308B2 (en) | 2019-03-29 | 2022-03-01 | Vmware, Inc. | Workflow service back end integration |
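CN110502911A (zh) * | 2019-08-16 | 2019-11-26 | 苏州浪潮智能科技有限公司 | Method, device and storage medium for configuring a vFPGA based on a FaaS cloud service |
CN110781506A (zh) * | 2019-10-18 | 2020-02-11 | 浪潮电子信息产业股份有限公司 | Operating method, operating device and operating system for a virtualized FPGA |
CN112291236B (zh) * | 2020-10-28 | 2022-06-21 | 青岛大学 | Cloud data ownership verification method, apparatus, device and medium |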
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7290288B2 (en) * | 1997-06-11 | 2007-10-30 | Prism Technologies, L.L.C. | Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network |
US6928463B1 (en) * | 2001-07-06 | 2005-08-09 | Nortel Networks Limited | Broadband content delivery via personal content tunnel |
US20030069854A1 (en) * | 2001-10-09 | 2003-04-10 | Hsu Michael M. | Expiring content on playback devices |
US7191467B1 (en) * | 2002-03-15 | 2007-03-13 | Microsoft Corporation | Method and system of integrating third party authentication into internet browser code |
US7475241B2 (en) * | 2002-11-22 | 2009-01-06 | Cisco Technology, Inc. | Methods and apparatus for dynamic session key generation and rekeying in mobile IP |
US8452881B2 (en) * | 2004-09-28 | 2013-05-28 | Toufic Boubez | System and method for bridging identities in a service oriented architecture |
JP4480427B2 (ja) * | 2004-03-12 | 2010-06-16 | パナソニック株式会社 | Resource management device |
US7818342B2 (en) * | 2004-11-12 | 2010-10-19 | Sap Ag | Tracking usage of data elements in electronic business communications |
JP5087850B2 (ja) * | 2006-03-14 | 2012-12-05 | 富士通株式会社 | Service mediation method, service mediation device and service mediation system |
US20080077638A1 (en) | 2006-09-21 | 2008-03-27 | Microsoft Corporation | Distributed storage in a computing environment |
US20080080526A1 (en) | 2006-09-28 | 2008-04-03 | Microsoft Corporation | Migrating data to new cloud |
US8046827B2 (en) * | 2007-06-12 | 2011-10-25 | Francisco Corella | Access control of interaction context of application |
US7783666B1 (en) * | 2007-09-26 | 2010-08-24 | Netapp, Inc. | Controlling access to storage resources by using access pattern based quotas |
US8744423B2 (en) | 2007-09-28 | 2014-06-03 | Microsoft Corporation | Device migration |
US20090178131A1 (en) | 2008-01-08 | 2009-07-09 | Microsoft Corporation | Globally distributed infrastructure for secure content management |
US7945774B2 (en) * | 2008-04-07 | 2011-05-17 | Safemashups Inc. | Efficient security for mashups |
US20090271847A1 (en) * | 2008-04-25 | 2009-10-29 | Nokia Corporation | Methods, Apparatuses, and Computer Program Products for Providing a Single Service Sign-On |
US8156333B2 (en) | 2008-05-29 | 2012-04-10 | Red Hat, Inc. | Username based authentication security |
US20090328081A1 (en) * | 2008-06-27 | 2009-12-31 | Linus Bille | Method and system for secure content hosting and distribution |
EP2202662A1 (de) * | 2008-12-24 | 2010-06-30 | Gemalto SA | Portable security device that protects against keylogger programs |
US8364969B2 (en) * | 2009-02-02 | 2013-01-29 | Yahoo! Inc. | Protecting privacy of shared personal information |
US8467768B2 (en) * | 2009-02-17 | 2013-06-18 | Lookout, Inc. | System and method for remotely securing or recovering a mobile device |
US20100319059A1 (en) * | 2009-06-10 | 2010-12-16 | Avaya Inc. | Sip digest authentication handle credential management |
US20100332832A1 (en) * | 2009-06-26 | 2010-12-30 | Institute For Information Industry | Two-factor authentication method and system for securing online transactions |
- 2010
- 2010-12-21 EP EP10840637.2A patent/EP2520064B1/de active Active
- 2010-12-21 CN CN201080059924.9A patent/CN102687482B/zh active Active
- 2010-12-21 US US13/519,438 patent/US9485246B2/en active Active
- 2010-12-21 WO PCT/FI2010/051066 patent/WO2011080389A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
None * |
Also Published As
Publication number | Publication date |
---|---|
EP2520064A4 (de) | 2016-11-16 |
CN102687482A (zh) | 2012-09-19 |
US9485246B2 (en) | 2016-11-01 |
EP2520064A1 (de) | 2012-11-07 |
US20130019299A1 (en) | 2013-01-17 |
CN102687482B (zh) | 2016-03-09 |
WO2011080389A1 (en) | 2011-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2520064B1 (de) | Distributed authentication with data clouds | |
US11329989B2 (en) | Token-based access control and grouping | |
US11431702B2 (en) | Authenticating and authorizing users with JWT and tokenization | |
US10715514B1 (en) | Token-based credential renewal service | |
US10574648B2 (en) | Methods and systems for user authentication | |
CN101507233B (zh) | Method and apparatus for providing trusted single sign-on access to applications and Internet-based services | |
US10673862B1 (en) | Token-based access tracking and revocation | |
US9813382B2 (en) | Cryptographic binding of multiple secured connections | |
US9264420B2 (en) | Single sign-on for network applications | |
US11509651B2 (en) | Method and system for secure automatic login through a mobile device | |
Singh et al. | Identity management in cloud computing through claim-based solution | |
Binu et al. | A mobile based remote user authentication scheme without verifier table for cloud based services | |
Everts et al. | UbiKiMa: Ubiquitous authentication using a smartphone, migrating from passwords to strong cryptography | |
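JP7276737B2 (ja) | Personal authentication system and personal authentication method | |
EP2530618B1 (de) | Sign-on system with distributed access | |
KR20100008893A (ko) | User authentication method and system that take the Internet access tool into account | |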
Ozha | Kerberos: An Authentication Protocol | |
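WO2024122069A1 (ja) | Personal authentication system and personal authentication method | |
KR102639244B1 (ko) | Method, server and system for providing an integrated authentication solution based on SSO | |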
US20230299958A1 (en) | Methods and systems for authenticating a candidate user of a first and as second electronic service | |
Xu et al. | Qrtoken: Unifying authentication framework to protect user online identity | |
Adida | FragToken: Secure Web Authentication using the Fragment Identifier | |
Hosseyni et al. | Formal security analysis of the OpenID FAPI 2.0 Security Profile with FAPI 2.0 Message Signing, FAPI-CIBA, Dynamic Client Registration and Management: technical report | |
US20110307700A1 (en) | System and method for performing two factor authentication and digital signing | |
Wu | Authentication in Web Applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20120608 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: NOKIA CORPORATION |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: NOKIA TECHNOLOGIES OY |
|
RA4 | Supplementary search report drawn up and despatched (corrected) |
Effective date: 20161017 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/32 20060101ALI20161011BHEP Ipc: H04L 29/06 20060101AFI20161011BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20180514 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602010054481 Country of ref document: DE Ref country code: AT Ref legal event code: REF Ref document number: 1055357 Country of ref document: AT Kind code of ref document: T Effective date: 20181115 |
|
REG | Reference to a national code |
Ref country code: SE Ref legal event code: TRGR |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20181017 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1055357 Country of ref document: AT Kind code of ref document: T Effective date: 20181017 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190117 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190217 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190117 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190118 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190217 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602010054481 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20181221 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 |
|
RAP2 | Party data changed (patent owner data changed or rights of a patent transferred) |
Owner name: NOKIA TECHNOLOGIES OY |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
26N | No opposition filed |
Effective date: 20190718 |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20190117 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20181231 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20181221 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20181231 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20181231 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190117 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20181231 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20181231 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20181221 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20101221 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20181017 Ref country code: MK Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20181017 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 602010054481 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04L0029060000 Ipc: H04L0065000000 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: SE Payment date: 20231110 Year of fee payment: 14 Ref country code: DE Payment date: 20231031 Year of fee payment: 14 |